[Freeipa-devel] ipa-replica-prepare requests reverse zone on RHEL

Oleg Fayans ofayans at redhat.com
Thu Aug 20 10:51:17 UTC 2015 

Hi Martin,

I guess, I know where is the problem. During replica-install the replica 
tries to resolve it's own ip to a hostname to check whether the dns is 
configured correctly. And fails, since we specified --no-reverse during 
the replica preparation on master.
This looks like a bug to me.

On 08/20/2015 12:37 PM, Oleg Fayans wrote:
>
>
> On 08/20/2015 12:01 PM, Martin Basti wrote:
>>
>>
>> On 08/20/2015 11:52 AM, Martin Basti wrote:
>>>
>>>
>>> On 08/20/2015 11:42 AM, Oleg Fayans wrote:
>>>> Hi Martin
>>>>
>>>> On 08/20/2015 11:33 AM, Martin Basti wrote:
>>>>>
>>>>>
>>>>> On 08/20/2015 10:18 AM, Oleg Fayans wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> I am trying to run integration tests for dnssec in RHEL-7.2
>>>>>> The tests keep failing at the step of preparing the replica. I
>>>>>> figured
>>>>>> out, the ipa-replica-prepare with the standard parameters requests
>>>>>> reverse zone info (does not do it in fedora) which causes the test to
>>>>>> fail.
>>>>>>
>>>>>> Does anyone know why does it do it? We can, of course update our
>>>>>> tests
>>>>>> adding a --no-reverse option, but I'd like to know how come it
>>>>>> behaves
>>>>>> differently depending on the platform.
>>>>>>
>>>>>> The system is
>>>>>> dell-pe1950-06.rhts.eng.brq.redhat.com
>>>>>>
>>>>>> The command looks like this:
>>>>>>
>>>>>> [root at dell-pe1950-06 ~]# ipa-replica-prepare -p '<password>'
>>>>>> --ip-address 10.34.54.25 dell-pe1950-05.rhts.eng.brq.redhat.com
>>>>>> Do you want to configure the reverse zone? [yes]:
>>>>>>
>>>>> Reverse zone is not needed for DNSSEC test, you can use --no-reverse
>>>>> option.
>>>>>
>>>>> Did you test fedora on the same machine?
>>>> No, it's a beaker-provisioned vm.
>>>>
>>>> I added a --no-reverse to the install_replica method in
>>>> ipatests/test_integration/tasks.py. It fixed this particular issue.
>>>> However, now the test fails at the step of ipa-replica-install:
>>>>
>>>> [root at dell-pe1950-05 ~]# ipa-replica-install -U -p '<password>' -w
>>>> '<password>' --ip-address 10.34.54.25
>>>> /var/lib/ipa/replica-info-dell-pe1950-05.rhts.eng.brq.redhat.com.gpg
>>>> --setup-ca --setup-dns --forwarder 10.34.32.1
>>>> WARNING: conflicting time&date synchronization service 'chronyd' will
>>>> be disabled in favor of ntpd
>>>>
>>>> ipa         : ERROR    Unable to resolve the IP address
>>>> 2620:52:0:2236:215:c5ff:fef3:e54f to a host name, check /etc/hosts
>>>> and DNS name resolution
>>>>
>>>
>>> Hmm, this is interesting, is 2620:52:0:2236:215:c5ff:fef3:e54f IP
>>> address of replica or master.
>>>
>>>
>> Does the resolv.conf point to master on replica?
> It's an ip address of the replica. And yes, it does point to master's ip.
>

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

More information about the Freeipa-devel mailing list